Accepted pstotext 1.9-3 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 5 May 2006 17:09:48 +0200
Source: pstotext
Binary: pstotext
Architecture: source i386
Version: 1.9-3
Distribution: unstable
Urgency: high
Maintainer: J.H.M. Dassen (Ray) <jdassen@debian.org>
Changed-By: J.H.M. Dassen (Ray) <jdassen@debian.org>
Description:
pstotext - Extract text from PostScript and PDF files
Closes: 356988
Changes:
pstotext (1.9-3) unstable; urgency=high
.
* [main.c] Security fix. popen(3) was being used in a construct which could
did not perform sufficient cleanup/quoting of filenames; these filenames
could come from untrusted sources like a web indexing service and could
thus be misused to execute shell code as the user running pstotext. The
use of popen(3) has been replaced by an explicit fork/pipe construct
which does not involve the use of a shell. (Closes: #356988)
* [debian/control] Change the non-virtual package suggestion for the
dependency on the "gs" virtual package to gs-gpl as gs-aladdin has become
a transitional package.
* [debian/control] Updated Standards-Version.
Files:
1a601f83c3461e09af5d08546fe73424 554 text optional pstotext_1.9-3.dsc
537914be4b8e09203b0020262be4404e 9045 text optional pstotext_1.9-3.diff.gz
4c3447207f721bcde1afe116ce1f89f4 32604 text optional pstotext_1.9-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEW24TIwmOUm50p9ERAnb9AKCh/djALjSnFy+jGRPtROC4U7hVHwCg6VRP
jMAzbBlAmSkZZMORwk/DZX4=
=VIKG
-----END PGP SIGNATURE-----
Accepted:
pstotext_1.9-3.diff.gz
to pool/main/p/pstotext/pstotext_1.9-3.diff.gz
pstotext_1.9-3.dsc
to pool/main/p/pstotext/pstotext_1.9-3.dsc
pstotext_1.9-3_i386.deb
to pool/main/p/pstotext/pstotext_1.9-3_i386.deb